CVE-2023-3761

Name of the Vulnerable Software and Affected Versions Intergard SGS version 8.7.0

Description A vulnerability was found in the Password Change Handler component, leading to cleartext transmission of sensitive information. The attack can be launched remotely, with a rather high complexity and difficult exploitation. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Recommendations For Intergard SGS version 8.7.0, consider disabling the Password Change Handler component until a patch is available to prevent cleartext transmission of sensitive information. Restrict access to the Password Change Handler functionality to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.